CVE-2009-3730 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.

References

http://osvdb.org/59088
http://osvdb.org/59089
http://secunia.com/advisories/37052
http://www.securityfocus.com/bid/36721
http://www.vupen.com/english/advisories/2009/2958
http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895
